Lucene search

Samsung MobileCVE-2022-39879

HistoryNov 09, 2022 - 10:15 p.m.

CVE-2022-39879

2022-11-0922:15:16

CWE-285

Samsung Mobile

web.nvd.nist.gov

cve-2022-39879

improper authorization

callbgprovider

smr nov-2022 release 1

local attacker

permission grant

phone uid

nvd

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

3.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid.

Affected configurations

Nvd

Node

googleandroidMatch11.0

googleandroidMatch12.0

VendorProductVersionCPE
googleandroid11.0cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
googleandroid12.0cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	11.0	cpe:2.3:o:google:android:11.0:::::::*
google	android	12.0	cpe:2.3:o:google:android:12.0:::::::*

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "version": "R(11), S(12)",
        "status": "affected",
        "lessThan": "SMR Nov-2022 Release 1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2022&month=11

Social References

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

3.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-39879